b17fad5a1224d4276f6d47c7a1bdf106_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b17fad5a1224d4276f6d47c7a1bdf106_JaffaCakes118
Size

17.3MB
MD5

b17fad5a1224d4276f6d47c7a1bdf106
SHA1

ba6a6438835845c41280f5a52d1553e96e7e805f
SHA256

8adb17c8bff99c3466eeb05fc2c756f2ec6d41d20a13c1485bb4dc9cbbc2f9db
SHA512

b43f031e6ae7137c31f6984452be429dfa4d1bc44e040fd3930f9a72eded71b68ae94f6643ad940d652c3173eb9a37afcd1aa3c31b5a02a017eb0852cda12b8b
SSDEEP

393216:o+En/PCCjOiQBgfYFP8UjOiQGdVk2FZ/JSgopl6Coc:obPC3gW0WLhYl6Coc

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DVRsbkqu/DVR4000qud/Autorun.exe
unpack001/DVRsbkqu/DVR4000qud/Client/DVR4000-Client-Setup.exe
unpack001/DVRsbkqu/DVR4000qud/Driver/DrvInstall.exe
unpack001/DVRsbkqu/DVR4000qud/Driver/hvCapture.sys
unpack001/DVRsbkqu/DVR4000qud/Server/DVR4000-Server-Setup.exe
unpack001/DVRsbkqu/DVR4000qud/Tools/160G Maxtor DiskPatch/Maxtor160GMend.exe
unpack001/DVRsbkqu/DVR4000qud/Tools/HV4000 WMP Filters/hvfSource.ax

Files

b17fad5a1224d4276f6d47c7a1bdf106_JaffaCakes118
.rar
DVRsbkqu/DVR4000qud/Autorun.exe
.exe windows:4 windows x86 arch:x86

f85145a1d69f676a5679167b7cd7eb5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord815
ord540
ord561
ord825
ord800
ord3626
ord3663
ord641
ord795
ord2414
ord2514
ord2621
ord1134
ord860
ord2725
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5714
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord6055
ord1776
ord5290
ord3402
ord3721
ord3573
ord1146
ord1168
ord567
ord2302
ord3571
ord5953
ord6215
ord535
ord2818
ord2919
ord5683
ord858
ord537
ord1641
ord4160
ord2863
ord2379
ord755
ord470
ord4476
ord2575
ord4396
ord3574
ord609
ord556
ord809
ord4275
ord6197
ord6377
ord4284
ord3089
ord2864
ord2754
ord5875
ord3874
ord2859
ord640
ord1640
ord323
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5261
ord4673
ord1576

msvcrt

__p__fmode
__set_app_type
_except_handler3
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_setmbcp
__CxxFrameHandler
sprintf
__dllonexit
_onexit
_exit
__p__commode

kernel32

GetStartupInfoA
GetModuleHandleA
FindFirstFileA
FindClose
GetSystemDefaultLangID
GetModuleFileNameA

user32

GetCapture
PostMessageA
GetParent
GetSysColor
GetCursorPos
ReleaseCapture
ClientToScreen
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
FillRect
GetSystemMenu
AppendMenuA
SendMessageA
LoadBitmapA
EnableWindow
WindowFromPoint
SetWindowTextA
LoadImageA
LoadIconA
InvalidateRect

gdi32

CreateCompatibleDC
BitBlt
DeleteDC
CreatePatternBrush
GetObjectA
ExtTextOutA
GetTextMetricsA
SelectObject
GetStockObject

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DVRsbkqu/DVR4000qud/Autorun.inf
DVRsbkqu/DVR4000qud/Client/DVR4000-Client-Setup.exe
.exe windows:4 windows x86 arch:x86

2f6203366bc5aa9ff8b6cf7753ead32d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
lstrlenA
RemoveDirectoryA
CreateFileA
CloseHandle
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetLastError
GetModuleFileNameA
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
CreateProcessA
GetTempPathA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
SetEnvironmentVariableA
VirtualAlloc
FlushFileBuffers
DeleteFileA
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree

user32

SendMessageA
OffsetRect
PostMessageA
MessageBoxA
LoadIconA
GetSystemMetrics
LoadImageA
GetParent
GetDesktopWindow
GetWindowRect
GetDlgItem
SetWindowPos
GetWindowLongA
CreateDialogParamA
wsprintfA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage

ole32

CoUninitialize
CoInitialize

comctl32

InitCommonControlsEx

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DVRsbkqu/DVR4000qud/Client/doc/Simplified/Client.chm
.chm
DVRsbkqu/DVR4000qud/Client/oem.dll
DVRsbkqu/DVR4000qud/Driver/DrvInstall.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 286KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DVRsbkqu/DVR4000qud/Driver/DrvInstall.ini
DVRsbkqu/DVR4000qud/Driver/hvCapture.inf
DVRsbkqu/DVR4000qud/Driver/hvCapture.sys
.sys windows:5 windows x86 arch:x86

03d5e46d45d62b76ae95b95cb07e7898

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

A:\hwDVR\i386\hvCapture.pdb

Imports

ntoskrnl.exe

IoFreeMdl
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmUnmapIoSpace
MmFreeContiguousMemory
IoDisconnectInterrupt
RtlQueryRegistryValues
WRITE_REGISTER_ULONG
MmGetPhysicalAddress
MmAllocateContiguousMemorySpecifyCache
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
InterlockedExchange
KeInsertQueueDpc
IofCallDriver
KeSetEvent
ObReferenceObjectByHandle
KeInitializeDpc
MmAllocateContiguousMemory
InterlockedIncrement
IoRegisterDeviceInterface
IoAttachDeviceToDeviceStack
IoGetDeviceProperty
IoCreateDevice
IofCompleteRequest
PoCallDriver
PoStartNextPowerIrp
IoSetDeviceInterfaceState
IoGetDmaAdapter
IoConnectInterrupt
MmMapIoSpace
IoDeleteDevice
RtlFreeUnicodeString
IoDetachDevice
ObfDereferenceObject
ExFreePool
KeClearEvent
ExAllocatePoolWithTag

hal

KfLowerIrql
KfRaiseIrql
HalGetBusData
WRITE_PORT_ULONG
READ_PORT_ULONG

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DVRsbkqu/DVR4000qud/Help/Simplified/Client.chm
.chm
DVRsbkqu/DVR4000qud/Help/Simplified/Client.doc
.doc windows office2003
DVRsbkqu/DVR4000qud/Help/Simplified/Player.chm
.chm
DVRsbkqu/DVR4000qud/Help/Simplified/Player.doc
.doc windows office2003
DVRsbkqu/DVR4000qud/Help/Simplified/Server.chm
.chm
DVRsbkqu/DVR4000qud/Help/Simplified/Server.doc
.doc windows office2003
DVRsbkqu/DVR4000qud/Help/Simplified/WEB.doc
.doc windows office2003
DVRsbkqu/DVR4000qud/Help/Simplified/Web.chm
.chm
DVRsbkqu/DVR4000qud/Server/DVR4000-Server-Setup.exe
.exe windows:4 windows x86 arch:x86

2f6203366bc5aa9ff8b6cf7753ead32d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateDirectoryA
lstrlenA
RemoveDirectoryA
CreateFileA
CloseHandle
GetFileSize
ReadFile
WriteFile
SetFilePointer
GetLastError
GetModuleFileNameA
ResumeThread
SetThreadPriority
CreateThread
WaitForSingleObject
CreateProcessA
GetTempPathA
CompareStringW
CompareStringA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
SetEnvironmentVariableA
VirtualAlloc
FlushFileBuffers
DeleteFileA
RtlUnwind
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree

user32

SendMessageA
OffsetRect
PostMessageA
MessageBoxA
LoadIconA
GetSystemMetrics
LoadImageA
GetParent
GetDesktopWindow
GetWindowRect
GetDlgItem
SetWindowPos
GetWindowLongA
CreateDialogParamA
wsprintfA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
PostQuitMessage

ole32

CoUninitialize
CoInitialize

comctl32

InitCommonControlsEx

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DVRsbkqu/DVR4000qud/Server/back.dll
DVRsbkqu/DVR4000qud/Server/doc/Simplified/Client.chm
.chm
DVRsbkqu/DVR4000qud/Server/doc/Simplified/Player.chm
.chm
DVRsbkqu/DVR4000qud/Server/doc/Simplified/Server.chm
.chm
DVRsbkqu/DVR4000qud/Server/doc/Simplified/Web.chm
.chm
DVRsbkqu/DVR4000qud/Server/flash.dll
DVRsbkqu/DVR4000qud/Server/oem.dll
DVRsbkqu/DVR4000qud/Tools/160G Maxtor DiskPatch/160g.reg
DVRsbkqu/DVR4000qud/Tools/160G Maxtor DiskPatch/Maxtor160GMend.exe
.exe windows:4 windows x86 arch:x86

4d6767ed62bafba240cab511dc785c10

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetProcAddress
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
LoadLibraryA
GetCurrentProcess
GetVersionExA
FindResourceA
LoadResource
IsBadWritePtr
LockResource
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA

user32

DialogBoxParamA
MessageBoxA
ExitWindowsEx
LoadStringA
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
SetDlgItemTextA
SetWindowTextA
EndDialog

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DVRsbkqu/DVR4000qud/Tools/HV4000 WMP Filters/InstallFilter.bat
DVRsbkqu/DVR4000qud/Tools/HV4000 WMP Filters/UninstallFilter.bat
DVRsbkqu/DVR4000qud/Tools/HV4000 WMP Filters/hvfSource.ax
.dll regsvr32 windows:4 windows x86 arch:x86

71315efe12b5a93a17672180f3ca0e09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
SetFilePointer
GetLastError
CreateFileA
ReadFile
CloseHandle
GetFileSize
MultiByteToWideChar
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
WaitForSingleObject
InterlockedExchange
Sleep
InterlockedIncrement
InterlockedDecrement
CreateEventA
EnterCriticalSection
SetEvent
FreeLibrary
GetProcAddress
CreateThread
GetModuleHandleA
WideCharToMultiByte
LeaveCriticalSection
lstrcpyA
lstrcatA
lstrlenA
ResetEvent

user32

wsprintfA

advapi32

RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey

ole32

CoFreeUnusedLibraries
CoInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance

msvcrt

_wtoi
_ftol
wcslen
malloc
free
_initterm
_adjust_fdiv
strncmp
vsprintf
sscanf
_purecall
srand
rand
_except_handler3
wcscpy
wcsncpy
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DVRsbkqu/下载说明.htm
.html
DVRsbkqu/使用帮助(河东软件园).url
.url
DVRsbkqu/网盘附件下载地址(2).txt

Sharing

General

Malware Config

Signatures

Files

f85145a1d69f676a5679167b7cd7eb5e

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

shell32

comctl32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 896B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

2f6203366bc5aa9ff8b6cf7753ead32d

Headers

File Characteristics

Imports

kernel32

user32

ole32

comctl32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

File Characteristics

Sections

Size: 4KB - Virtual size: 12KB

Size: 3KB - Virtual size: 8KB

Size: 512B - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 48KB

Size: 512B - Virtual size: 4KB

.data Size: 286KB - Virtual size: 288KB

.adata Size: - Virtual size: 4KB

03d5e46d45d62b76ae95b95cb07e7898

Headers

File Characteristics

PDB Paths

Imports

ntoskrnl.exe

hal

Sections

.text Size: 34KB - Virtual size: 34KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 128B - Virtual size: 4B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 992B

.reloc Size: 1KB - Virtual size: 1KB

2f6203366bc5aa9ff8b6cf7753ead32d

Headers

File Characteristics

Imports

kernel32

user32

ole32

comctl32

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 4KB - Virtual size: 1KB

4d6767ed62bafba240cab511dc785c10

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 28KB - Virtual size: 26KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 896B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 48KB

.data
Size: 286KB - Virtual size: 288KB

.adata
Size: - Virtual size: 4KB

.text
Size: 34KB - Virtual size: 34KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 128B - Virtual size: 4B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 992B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 461KB

.rodata
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB